
CVE-2023-1965 Report - Details, Severity, & Advisories


Twingate Team

May 9, 2024

CVE-2023-1965 is a medium-severity vulnerability affecting GitLab EE, a popular web-based DevOps platform. This security issue impacts specific versions of the software, allowing attackers to exploit a lack of verification on the RelayState parameter. As a result, maliciously crafted URLs can obtain access tokens granted for third-party Group SAML SSO logins. It's important to note that this feature is not enabled by default, and the vulnerability affects systems running certain GitLab EE versions.

How do I know if I'm affected by CVE-2023-1965?

If you're using GitLab EE, you might be affected by the CVE-2023-1965 vulnerability. To know if you're at risk, check your GitLab EE version. The affected versions are those starting from 14.2 but before 15.9.6, those starting from 15.10 but before 15.10.5, and those starting from 15.11 but before 15.11.1. This vulnerability is related to the RelayState parameter and could allow attackers to obtain access tokens for third-party Group SAML SSO logins. However, this feature is not enabled by default, so you might not be affected if you haven't enabled it.

What should I do if I'm affected by CVE-2023-1965?

If you're affected by the CVE-2023-1965 vulnerability, it's crucial to update your GitLab EE to a patched version. Follow these simple steps:

1) Identify your current GitLab EE version.
2) Check if it's within the affected range.
3) If so, update to version 15.9.6, 15.10.5, or 15.11.1, depending on your current version.
4) Verify the update was successful.
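The version check in steps 1 to 3 above, written out as an added example (not GitLab's or Twingate's code): it encodes the three affected ranges stated on this page, treats each fixed release as the exclusive upper bound of its range, and reports which patched release applies to a given instance. The version string format (e.g. "15.9.5-ee", as printed by GitLab's own tooling) is an assumption; whether Group SAML SSO is actually enabled on the instance must still be checked separately, since the feature is off by default.

```python
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges taken from this page's advisory text, as [start, fixed).
# The "fixed" version is the patched release on that branch and is NOT affected.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((14, 2, 0), (15, 9, 6)),    # 14.2 up to, but not including, 15.9.6
    ((15, 10, 0), (15, 10, 5)),  # 15.10 up to, but not including, 15.10.5
    ((15, 11, 0), (15, 11, 1)),  # 15.11 up to, but not including, 15.11.1
]

# Assumed input format: "MAJOR.MINOR[.PATCH]" with an optional suffix such as "-ee".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Version]:
    """Parse '15.9.5', '15.9.5-ee' or '14.2' into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def fixed_version_for(version_text: str) -> Optional[str]:
    """Return the patched release for an affected version, or None if the version is outside
    every affected range (already patched, too old, or a later branch)."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"unrecognised GitLab version: {version_text!r}")
    for start, fixed in AFFECTED_RANGES:
        if start <= v < fixed:   # tuple comparison orders major, then minor, then patch
            return "%d.%d.%d" % fixed
    return None


def is_affected(version_text: str) -> bool:
    """True when the instance version falls inside one of the affected ranges."""
    return fixed_version_for(version_text) is not None


if __name__ == "__main__":
    for sample in ("15.9.5-ee", "15.9.6-ee", "15.10.4", "15.11.1", "16.0.0"):
        target = fixed_version_for(sample)
        print(sample, "->", f"affected, update to {target}" if target else "not affected")
```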

Is CVE-2023-1965 in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-1965 vulnerability is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. This security issue, which affects GitLab EE, was added on May 3, 2023. The catalog doesn't mention a specific due date or required action, but it's crucial to update your GitLab EE to a patched version to protect your system from potential attacks.

Weakness enumeration

The CVE-2023-1965 vulnerability is associated with CWE-352, which refers to Cross-Site Request Forgery. This weakness allows attackers to exploit GitLab's Group SAML accounts through crafted URLs.

For more details

CVE-2023-1965 is a medium-severity vulnerability affecting GitLab EE, with potential consequences if left unpatched. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.

